Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ignore casing in CIDR wildcards #210

Merged
merged 1 commit into from
Aug 20, 2024
Merged

Ignore casing in CIDR wildcards #210

merged 1 commit into from
Aug 20, 2024

Conversation

InverseIntegral
Copy link
Contributor

Problem

Trivy doesn't detect any problem in the following Terraform file:

resource "azurerm_network_security_group" "example" {
  security_rule {
    direction                  = "Inbound"
    access                     = "Allow"
    source_address_prefix      = "Internet"
  }
}

Changing it to this, however, results in a critical finding:

resource "azurerm_network_security_group" "example" {
  security_rule {
    direction                  = "Inbound"
    access                     = "Allow"
    source_address_prefix      = "internet"
  }
}

Note the different casing of the source_address_prefix.

Solution

I've adjusted the CIDR checks to include the wildcards regardless of their casing. internet and Internet should now be treated the same way.

@CLAassistant
Copy link

CLAassistant commented Aug 10, 2024
edited
Loading

CLA assistant check
All committers have signed the CLA.

nikpivkin
nikpivkin approved these changes Aug 12, 2024
View reviewed changes
Copy link
Contributor

@nikpivkin nikpivkin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@simar7 simar7 added this pull request to the merge queue Aug 20, 2024
Merged via the queue into aquasecurity:main with commit ed0099c Aug 20, 2024
5 checks passed
@InverseIntegral InverseIntegral deleted the ignore-casing-for-cidr-wildcards branch August 20, 2024 16:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nikpivkin nikpivkin nikpivkin approved these changes

@simar7 simar7 simar7 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@InverseIntegral @CLAassistant @simar7 @nikpivkin